[[!meta title="Protection against cold boot attacks"]]

While using a computer, all the data manipulated is written temporarily
in [[!wikipedia Random-access_memory desc="RAM"]]: texts, saved files,
but also passwords and encryption keys. The more recent the activity,
the more likely it is for the data to still be in RAM.

After a computer is powered off, the data in RAM disappears rapidly, but
it can remain in RAM up to several minutes after shutdown. An attacker
having access to a computer before it disappears completely could
recover important data from your session.

This can be achieved using a technique called <span
class="definition">[[!wikipedia Cold_boot_attack desc="cold boot
attack"]] </span>. To prevent this attack, the data in RAM is
overwritten by random data when shutting down Tails. This erases all
traces from your session on that computer.

<div class="bug">

On some computers Tails might fail to:
<ul>
  <li>[[erase all the data in RAM on
  shutdown|support/known_issues#memory-wipe]]</li>
  <li>[[completely shutdown or restart|support/known_issues#fails-to-shutdown]]
  (in this case there is no guarantee that all the data in RAM is
  erased).</li>
</ul>

</div>

Moreover, an attacker having physical access to the computer *while
Tails is running* can recover data from RAM as well. To avoid that,
learn the different methods to [[shutdown
Tails|doc/first_steps/shutdown]] rapidly.

As far as we know, cold boot attacks are not a common procedure for
data recovery, but it might still be good to be prepared. If no cold
boot attack happens directly after shutdown, the RAM empties itself in
minutes, and all data disappears.
